Consultant — SecOps / AI FDE (Forward Deployed Engineer)

Consultant - SecOps / AI Engineer (Forward Deployed Engineer)

Our Deloitte Cyber team

Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions that help clients navigate the ever-changing threat landscape. Through managed services, engineering, and cyber transformation capabilities that simplify complexity, we enable clients to operate with resilience, grow with confidence, and proactively manage cyber risk.

The team

Our Cyber Defense & Resilience offering helps clients defend against advanced threats by transforming security operations, monitoring technology, detection engineering, automation, data analytics, and threat intelligence. We help manage and protect dynamic attack surfaces while improving readiness, response, and recovery across the cyber lifecycle.

Position Summary

Consultant - SecOps / AI Engineer (Forward Deployed Engineer), you will play a critical hands-on role in delivering high-impact security engineering solutions across multiple client environments. This is a client-facing, embedded engineering role for someone who can work directly with client stakeholders, understand operational pain points, and rapidly design, build, and deploy solutions in live or near-live environments.

You will help clients modernize security operations by designing and implementing SIEM, SOAR, detection engineering, security telemetry, automation, and AI-enabled workflows across a range of security platforms and cloud environments. You will combine strong security engineering fundamentals with practical AI/automation skills to improve analyst efficiency, alert fidelity, response speed, and operational scalability.

As a Forward Deployed Engineer, you will serve as the bridge between client needs and technical execution - translating ambiguous requirements into production-ready workflows, integrations, detections, and automation solutions. You will work side by side with SOC teams, threat detection engineers, architects, and client leaders to deliver measurable operational outcomes.

Recruiting for this role ends on 5/31/2026

Key Responsibilities

Design and implement secure, scalable, and resilient security operations solutions across SIEM, SOAR, telemetry, case management, and response platforms in alignment with enterprise security policies and regulatory requirements.

Serve as a Forward Deployed Engineer, embedding with client teams to understand operational workflows, rapidly prototype solutions, and productionize capabilities in client environments.

Lead end-to-end deployment of log ingestion, normalization, enrichment, and routing pipelines using APIs, connectors, data pipelines, and event streaming technologies.

Collaborate with SOC analysts, threat hunters, and detection engineers to prioritize, develop, test, and tune threat detection content aligned to adversary behaviors and enterprise risk.

Translate SOC processes into automation playbooks and orchestration workflows to reduce alert fatigue, improve analyst productivity, and accelerate response.

Design and develop integrations between third-party enterprise systems and security platforms to support automated ingestion, enrichment, triage, investigation, and response.

Build and optimize case management and analyst workflow solutions that improve investigation quality, consistency, and operational metrics.

Apply AI and automation engineering techniques to enhance SecOps use cases such as triage assistance, alert summarization, knowledge retrieval, workflow orchestration, analyst copilots, and response recommendations.

Help define guardrails, testing approaches, and evaluation criteria for AI-enabled security workflows to ensure they are secure, reliable, and operationally useful.

Mentor junior practitioners in security engineering, automation development, and modern SecOps practices.

Stay current on cyber threats, attack techniques, detection strategies, AI engineering trends, and regulatory/compliance developments to continuously improve client security posture.

Contribute to reusable engineering assets, accelerators, implementation patterns, and internal eminence.

Required Qualifications

Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Engineering, or related field, or equivalent work experience.

1-5 years of experience in security operations, detection engineering, security engineering, or enterprise cyber defense.

Hands-on experience designing, implementing, and optimizing SIEM, SOAR, detection, telemetry, and response workflows across one or more enterprise security platforms.

Experience building and maintaining integrations, automations, and engineering workflows using Python or similar scripting languages.

Strong understanding of security operations concepts, including alerting, detection logic, incident triage, investigation, response, and case management.

Strong knowledge of security frameworks and attacker behavior models such as MITRE ATT&CK, Cyber Kill Chain, or similar.

Experience with log parsing, normalization, data transformation, and pipeline development across enterprise or cloud environments.

Familiarity with API integration patterns, event-driven architectures, and workflow orchestration.

Experience working directly with clients or internal stakeholders to translate operational requirements into technical solutions.

Ability to work in ambiguous environments, move quickly, and deliver practical solutions with strong engineering judgment.

Limited immigration sponsorship may be available.

Ability to travel up to 50%, on average, based on the work you do and the clients and industries/sectors you serve.

Preferred Qualifications

Experience across multiple security platforms such as SIEM, SOAR, XDR, ASM, TIP, EDR, and case management tools.

Familiarity with one or more cloud environments such as AWS, Azure, or Google Cloud, including security telemetry and cloud-native security services.

Experience with threat hunting, cyber threat intelligence, or purple team collaboration.

Familiarity with data pipeline and observability technologies used for ingestion, routing, and transformation.

Experience applying AI/ML or LLM-based workflows to security operations, including agentic orchestration, retrieval, prompt workflows, evaluation, or human-in-the-loop response patterns.

Familiarity with frameworks and tools that support AI-enabled engineering workflows, such as orchestration frameworks, model gateways, context protocols, or agent development kits.

Foundational knowledge of infrastructure and networking concepts such as IP networking, DNS, VPNs, firewalls, proxies, identity, and access control.

Experience across multiple vendor ecosystems rather than a single OEM platform.

Relevant industry certifications such as Security+, GSEC, GCIA, GCIH, CISSP, CCSP, Splunk, cloud security, or related engineering certifications.

Previous consulting or professional services experience preferred.

Information for applicants with a need for accommodation:

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $80,400 - $148,000

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

#CDRCyber26